
CVE-2026-46183

7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock ...

Published: 2026-05-28 · Last updated: 2026-06-11

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-415

Affected products

Vendor: linux
Product: linux_kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock

damon_sysfs_quot_goal->path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters {on,off}line committing to DAMON. The reads for parameters committing are protected by damon_sysfs_lock to avoid the sysfs files being destroyed while any of the parameters are being read. But the user-driven direct reads and writes are not protected by any lock, while the write is deallocating the path-pointing buffer. As a result, the readers could read the already freed buffer (use-after-free).

Note that the user-reads don't race when the same open file is used by the writer, due to kernfs's open file locking. Nonetheless, doing the reads and writes with separate open files would be common.

Fix it by protecting both the user-direct reads and writes with damon_sysfs_lock.

Source: NVD
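
The locking pattern the description names, as an added userspace model (not the kernel patch and not part of the NVD record): the read and write handlers take the same mutex, so the old buffer is never freed while a reader is formatting it. The names goal_lock, goal_path, path_store, path_show, writer and stress, and the sample paths, are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed userspace model; these globals are hypothetical stand-ins. */
static pthread_mutex_t goal_lock = PTHREAD_MUTEX_INITIALIZER; /* plays damon_sysfs_lock */
static char *goal_path;                                       /* plays the path buffer */

/* Write handler: the old buffer is freed only while the lock is held. */
static int path_store(const char *buf) {
    size_t n = strlen(buf) + 1;
    char *new_path = malloc(n);
    if (!new_path)
        return -1;
    memcpy(new_path, buf, n);
    pthread_mutex_lock(&goal_lock);
    free(goal_path);
    goal_path = new_path;
    pthread_mutex_unlock(&goal_lock);
    return 0;
}

/* Read handler: goal_path is dereferenced only under the same lock. */
static int path_show(char *out, size_t len) {
    pthread_mutex_lock(&goal_lock);
    int n = snprintf(out, len, "%s\n", goal_path ? goal_path : "");
    pthread_mutex_unlock(&goal_lock);
    return n;
}

static void *writer(void *arg) {
    for (int i = 0; i < 20000; i++)
        path_store((i & 1) ? "/constructed/a" : "/constructed/bb");
    return arg;
}

/* Reader and writer run concurrently; returns the count of unexpected reads. */
static int stress(void) {
    pthread_t t;
    char out[64];
    int bad = 0;
    if (path_store("/constructed/a") || pthread_create(&t, NULL, writer, NULL))
        return -1;
    for (int i = 0; i < 20000; i++) {
        path_show(out, sizeof(out));
        bad += strcmp(out, "/constructed/a\n") && strcmp(out, "/constructed/bb\n");
    }
    pthread_join(t, NULL);
    return bad;
}
```

Removing the lock calls from either handler reintroduces the window in which a read can touch a buffer the write has already freed; building the model with a thread or address sanitizer makes that visible.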

Related CVEs

Same vendor

  • CVE-2026-46273 In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
  • CVE-2026-46272 In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
  • CVE-2026-46271 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
  • CVE-2026-46270 In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
  • CVE-2026-46269 In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing dev... (5.5 MEDIUM)

Same CWE

  • CVE-2026-35188 Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, tr... (5.0 MEDIUM)
  • CVE-2026-45324 Rizin is a UNIX-like reverse engineering framework and command-line toolset (3.3 LOW)
  • CVE-2026-44422 FreeRDP is a free implementation of the Remote Desktop Protocol (7.5 HIGH)
  • CVE-2026-46189 In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error pa... (7.8 HIGH)
  • CVE-2026-46164 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path ... (7.0 HIGH)